PT-2024-27964 · Glpi+1

Published: 2024-11-15 · Updated: 2026-05-06 · CVE-2024-38370

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

GLPI versions 9.2.0 through 10.0.15

Description

The issue allows unauthorized download of documents from the API without appropriate rights.

Recommendations

Upgrade to version 10.0.16 to resolve the issue. As a temporary workaround, consider restricting access to the API endpoint to minimize the risk of exploitation.

Exploit

Fix

Improper Access Control

Improper Authorization

Weakness Enumeration

Related Identifiers

BDU:2025-09879
CVE-2024-38370
GHSA-XRM2-M72W-W4X4

Affected Products

Glpi
Red Os